I was recently affected with a virus apparently. I have over 20 of this process running now, dllhost.exe *32 COM Surrogate. I also am unable to use the Windows Update function. I get an error when trying to do so. I will run the 3 logs shortly and post the results in the next 3 replies. Thanks for your help.

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************************

I'll wait until you post the other logs and we'll go from there.

OK, so I ran an MBAM quick scan earlier today and it found multiple issues. I removed those issues and received a log of the action. Since I started this thread I have run 2 full scans totalling around 7 hours and I am unable to get a log. The first time, it found several additional issues and I removed them. MBAM then froze and had to be restarted. When I got it back up the located issues were in quarantine so I deleted them. However, it didn't create a log for that scan. So I did another full scan. This time it just found 1 issue. It was as follows: PUP.Optional.Conduit.A; the location of the file is C:\Users\Premiere Sound&Light\AppData\Local\temp\ct3299568 . I will go ahead and post the log from the quick scan from earlier today in case it might help. Hopefully we can find a way to use it because I don't know what else to do. Here it is:

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page for performing a scan.

Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.

When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.

Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.

Copy and paste the contents of these two log files in your next reply.

Well, Windows Update is now working again. However, I get a dialogue box that opens when I try to open Windows Security Center saying that it is unable to open. I'm also unable to open Windows Defender or Windows Firewall. I also tried removing my old version of AVG and it won't uninstall, even using the AVG uninstall tool. I also get a box with RUNDLL at the top of it every time I start up the computer saying it's unable to open a specified file. It's some sort of temporary file. The issue with the surrogate is still extremely bad. The computer is running at about 90% memory because of all of the processes that are running.

I've completed the steps from your last post and here is the log from that check.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

I was finally able to get Combofix to fully run and create a log. I should note that I have run the Rootkit program 5 times and every time it continues to find this: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32)

That is even after running Combofix. I am also still getting the RUNDLL box upon startup where it says it can't find the temporary file I noted in an earlier post. On a brighter note, my Windows Security is finally working again where I can turn on Windows Defender and my Firewall. I have also been able to download approximately 180 Windows Updates as I was unable to do it the past couple of years.

AVG still won't uninstall and I still have 20-25 of the COM Surrogate processes running, even though they are using less memory than they had before.

Here is the log from Combofix. I'm looking forward to what the next step is.
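The Hijack.SHELL32 detection above points at a per-user COM registration: Windows reads HKCU\Software\Classes\CLSID before HKLM for the same CLSID, so an InprocServer32 value planted under HKCU can redirect a system COM class to any DLL and survive a ComboFix run that only cleans machine-wide keys. The following script is an added example for inspecting that situation (it is not part of the thread or of any tool discussed here): it lists every per-user CLSID that carries an InprocServer32 entry, shows whether a machine-wide registration exists for the same CLSID, and checks the Authenticode signature of the DLL the user-level key names. Some legitimate per-user installs also register CLSIDs here, so an entry is a lead to review, not proof of infection.

```powershell
# Added example (not from the thread): enumerate per-user COM overrides.
# HKCU\Software\Classes\CLSID shadows HKLM for the same CLSID, so an
# InprocServer32 entry here can hijack a system COM class (the kind of
# finding MBAR reported as Hijack.SHELL32).

$userClsid    = 'HKCU:\Software\Classes\CLSID'
$machineClsid = 'HKLM:\Software\Classes\CLSID'

if (-not (Test-Path $userClsid)) {
    Write-Host 'No per-user CLSID keys present.'
    return
}

Get-ChildItem -Path $userClsid -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid  = $_.PSChildName
    $inproc = "$($_.PSPath)\InprocServer32"
    if (-not (Test-Path $inproc)) { return }   # no in-process server, skip

    # Default value of InprocServer32 is the DLL path COM will load
    $userDll    = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    $machineKey = "$machineClsid\$clsid\InprocServer32"
    $machineDll = $null
    if (Test-Path $machineKey) {
        $machineDll = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
    }

    # Expand %SystemRoot% and friends so the file can be located and its signature checked
    $expanded = if ($userDll) { [Environment]::ExpandEnvironmentVariables($userDll) } else { $null }
    $sig = 'n/a'
    if ($expanded -and (Test-Path $expanded)) {
        $sig = (Get-AuthenticodeSignature -FilePath $expanded).Status
    } elseif ($expanded) {
        $sig = 'file missing'
    }

    [PSCustomObject]@{
        CLSID       = $clsid
        UserDll     = $userDll
        MachineDll  = $machineDll
        ShadowsHKLM = [bool]$machineDll   # True: the HKCU entry overrides a machine-wide class
        Signature   = $sig                # NotSigned / HashMismatch on a shadowing entry deserves a close look
    }
} | Sort-Object ShadowsHKLM -Descending | Format-Table -AutoSize
```

Run it in the affected user's session, since HKCU is per user; entries that shadow an HKLM class and point at an unsigned DLL outside the Windows directory are the ones to compare against the MBAR log.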

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

*********************************************

Please make sure your new AV is installed before doing this next step. It should remove AVG from your computer.

Re-running ComboFix to remove infections:

Close any open browsers.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

SecCenter::{5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

Rootkit::

Folder::c:\program files (x86)\AVG\AVG10

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please post the contents of the log in your next reply.

**********************************************

Please run both versions of MBAM again and post the logs.

OK. I think we're making some good progress here. I did all of the things from the last post and will be posting the logs. AVG was successfully removed and neither MBAM search found anything. All of the issues seem to be fixed other than just a couple. Windows Security Essentials continues to find 2 files that it is labeling as malicious. Upon removing them it states that I need to download Windows Defender Offline and boot to it from a flash drive. I have done that several times and it finds the files offline and I remove them as requested and upon running another scan they are right back there. WSE is the only program that has found these files. There was no sign of them on any of the other scans we have done. The 2 files that continue to be found are Virus:DOS/Rovnix.W and Virus:Win64/Rovnix.gen!C

The other thing that I have noticed is that my physical memory is running at about 46% with just one browser open. It appears the majority of that, 391,000k, is an svchost.exe. I looked at the services for the exe in task manager and they all have a PID of 592. There's about a dozen different things running under that process. It just seems to put a drain on the computer.

But all of the other issues have been fixed!

Do you have any ideas for what is left? Here are the logs from tonight as well.
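A single svchost.exe hosting a dozen services is normal on Windows 7, but the post's symptom (one PID holding most of the memory) is easier to judge once you know which services live in it and which DLL each one loads. This added example (not from the thread or from any tool it mentions) takes the PID from the post, lists the services Windows reports for it, resolves each ServiceDll from the registry and checks its signature and location; it assumes PID 592 as the default and that the script runs with enough rights to read the service keys.

```powershell
# Added example (not from the thread): which services run inside one svchost.exe,
# which DLL each one loads, and whether that DLL is signed and lives in System32.
param([int]$TargetPid = 592)   # PID from the post; constructed default, pass another PID if needed

$proc = Get-Process -Id $TargetPid -ErrorAction SilentlyContinue
if (-not $proc) { Write-Host "No process with PID $TargetPid"; return }
Write-Host ('{0} (PID {1}) working set: {2:N0} KB' -f $proc.ProcessName, $TargetPid, ($proc.WorkingSet64 / 1KB))

Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $TargetPid" | ForEach-Object {
    $name    = $_.Name
    $svcKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $dll     = $null

    # ServiceDll normally sits under ...\Parameters; a few services keep it on the service key itself
    foreach ($key in @("$svcKey\Parameters", $svcKey)) {
        if (-not $dll -and (Test-Path $key)) {
            $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        }
    }

    $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
    $sig = 'n/a'
    if ($expanded -and (Test-Path $expanded)) {
        $sig = (Get-AuthenticodeSignature -FilePath $expanded).Status
    } elseif ($expanded) {
        $sig = 'file missing'
    }

    [PSCustomObject]@{
        Service    = $name
        State      = $_.State
        ServiceDll = $expanded
        Signature  = $sig
        # Built-in service DLLs live under %SystemRoot%\System32; anything elsewhere deserves a look
        InSystem32 = [bool]($expanded -and ($expanded -like "$env:SystemRoot\System32\*"))
    }
} | Format-Table -AutoSize
```

Unsigned DLLs or paths outside System32 are what to compare against the scan logs; the memory figure by itself only tells you how many services share that host.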

It appears the majority of that, 391,000k, is an svchost.exe. I looked at the services for the exe in task manager and they all have a PID of 592. There's about a dozen different things running under that process. It just seems to put a drain on the computer.

You can end each of those processes one at a time and see what happens. I did some more checking about those viruses and this is what I found. If you use your computer for financial or other personal business you may want to consider wiping your hard drive and doing a fresh installation. That is the only way your computer will be considered safe again. According to the [You must be registered and logged in to see this link.] MS site, MSE is supposed to clean this infection. I have no idea why it's not doing it, but you can always check out the link to the Microsoft virus and malware community for more insight.